Incident Response CLI

Module

Cli

Status

IMPLEMENTED

Description

CLI commands for incident response lifecycle management. Users can start incident mode with severity/scope/description (auto-creates evidence holds and sends notifications), view incident status with timeline, end incidents with resolution notes and optional evidence hold release/report generation, and list all incidents filtered by status.

Implementation Details

Command Group: src/Cli/StellaOps.Cli/Commands/IncidentCommandGroup.cs -- IncidentCommandGroup for stella incident commands
IR Commands: src/Cli/StellaOps.Cli/Commands/Ir/IrCommandGroup.cs -- incident response operations
Commands:
- stella incident start --severity <level> --scope <scope> --description <text> -- start incident mode (auto-creates evidence holds, sends notifications)
- stella incident status <incident-id> -- view incident status with timeline
- stella incident end <incident-id> --resolution <text> -- end incident. Options: --release-holds, --generate-report
- stella incident list -- list incidents. Options: --status open|closed|all

E2E Test Plan

Run stella incident start --severity critical --scope "production" --description "CVE-2024-1234 exploited" and verify incident created
Verify evidence holds auto-created on incident start
Verify notifications sent on incident start
Run stella incident status <id> and verify timeline displayed
Run stella incident end <id> --resolution "Patched" --release-holds --generate-report and verify incident closed
Run stella incident list --status open and verify open incidents listed
Verify --format json output

1.7 KiB Raw Blame History